Welcome to Ironshare’s Cyber Round-up, where we look back at the events of that last week and year to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
A newly proposed National Centre of Excellence for Cyber Security with a focus on operational technologies is planned to be accepted by the Scarborough Council. The £237,000 project aims to develop partnerships with government, industry, and academic institutions, providing “new opportunities, products, services and solutions to new and existing business” and supply “new, innovative, and in demand cyber security skills”. A planned facility called FabLab+ is expected to be built and “will have a pivotal role in providing a focus for activity”. With these developments, the Cyber Security Cluster Strategy will engage with 120 organizations to increase cyber security awareness, training, and career opportunities. 25 small to medium businesses will also be helped by the strategy to “implement the steps needed to protect their business and customers from the most common cyberattacks”.
By TheScarboroughNews.co.uk
The UK Government has brought forth plans to build a cyber academy. The £50 million cyber academy will aim to create world-class cyber experts, both domestically and internationally, as well as benefit international partners, such as the US, through exchanging knowledge and ideas in cyberspace operations. The Commander of Strategic Command, General Sir Jim Hockenhull, stated “Strategic Command is committed to ensuring our personnel have the cyber skills needed to maintain a competitive edge against our adversaries. The Defence Cyber Academy will allow us to expand the training opportunities we offer and share these with our international allies. This new development will help us share our expertise and better conduct the integrated operations needed in a modern battlespace.”
By Gov.uk
The Australian telecommunication giant Optus has disclosed that data for around 10 million customers' has been stolen, approximately 40% of Australia’s population. This massive data breach has resulted in current and former customers’ data being stolen including names, birth dates, home addresses, phone and email contacts, passport and driving licence numbers. Optus has stressed that no payment details or account passwords have been compromised. The breach is thought to have originated overseas and has caused scrutiny of Australia’s data and privacy laws. Following the initial breach, an unknown party has submitted a sample of around 100 stolen records from Optus and requested $1.5m for the records not to be leaked, the sample submitted has been verified as legitimate.
By BBC.co.uk
The Ukrainian Military Intelligence Service are considering the possibility that Russia have plans to unleash “massive cyberattacks”. It is believed that these attacks will target the infrastructure of Ukraine and its allies in the near future; disruptions in the energy industry is to be expected.
Also, according to the Ukrainian government, “The Kremlin intends to increase the intensity of DDoS attacks on the critical infrastructure of Ukraine’s closest allies, primarily Poland and the Baltic countries,”. Ukraine has warned its allies of the possibility of these cyberattacks and allied governments are expected to bolster their defences in preparation.
By BleepingComputer.com
Around 85 total applications, 75 on the Google Play Store and 10 on the Apple Store, have been identified as part of an Ad Fraud campaign that was launched back in 2019. Before being removed, these apps amassed more than 13 million installs, meaning this campaign had a huge impact prior to its discovery. The latest variant of the campaign, Scylla, has been described as a “significant step up in sophistication from previous variants”, with the apps being designed to commit multiple kinds of ad fraud. It is rare that malicious applications make there way on to the Apple App Store, making this campaign stand out from most.
By TheHackerNews.com
TAP Air Portugal recently announced that they were subject to a cyberattack at the hands of the Ragnar Locker gang. This disclosure occurred back in August, but it was originally believed that no customer data had been compromised. Contrary to this announcement, the Ragnar Locker gang have released a sample of the five million records they were able to access. The stolen data included dates of birth, email addresses, genders, nationalities, physical addresses and more. It is also believed that the personal data of the Portuguese president was compromised as part of this attack.
TAP Air Portugal have advised all customers to change their passwords as soon as possible.
By BitDefender.com
This week has been a scare to many, with rumours of a WhatsApp Zero-Day exploit circulating. In truth, there were two security flaws found in WhatsApp, both of which could potentially lead to remote code execution. While these are serious flaws, they are not Zero-Days, as they were discovered internally by WhatsApp and patched immediately. Despite this twist, these are still serious vulnerabilities, both of which now have fixes. We advise updating your application as soon as possible (if you have not done so already) to ensure you are protected against these RCE flaws.
By NakedSecurity.sophos.com
And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #207 – 30th September 2022
Why not follow us on social media:
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
